crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES) (e85d19c6) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit e85d19c6 authored Dec 12, 2018 by

Antonio Iacono Committed by Dr. Matthias St. Pierre Jan 27, 2019

crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)



A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of  Signing Certificate reference attributes,
stored in the signedData ether as ESS signing-certificate or as
ESS signing-certificate-v2. These are described in detail in Section 5.7.2
of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).

This patch adds support for adding  ESS signing-certificate[-v2] attributes
to CMS signedData. Although it implements only a small part of the RFC, it
is sufficient many cases to enable the `openssl cms` app to create signatures
which comply with legal requirements of some European States (e.g Italy).

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7893)

parent 9f5a87fd

Hide whitespace changes

Inline Side-by-side

Please register or to comment